Maybe someone has an easier way of doing this but to me it would seem
easier, and maybe more worthwhile in the end, to invest in a single
sign-on product such as Citrix Password Manager or Imprivata. I guess
the other thing you could do is see if the other applications support
direct Active Directory or RADIUS authentication.
Mike
-----Original Message-----
From: Rodrigo Blanco [mailto:rodrigo.blanco.r@gmail.com]
Sent: Wednesday, August 31, 2005 2:27 AM
To: focus-ms@securityfocus.com
Subject: Active Directory password external use
Hello list,
I am currently doing a project that requires using the Active
Directory users' password for other purposes other than just
workstation logon or share access.
What I would need to do is detect password change / reset events on
the domain, capture the new password and send it to another
application. This could be done with an agent or daemon running on the
DC machine.
The question is, when a users' password is changed / resetted, is it
possible to externally capture this event and make use of the password
before it is stored in a non-reversible format inside the active dir.?
What security implications would this have, and what security measures
would you propose for such an agent?
Thanks in advance for your help and best regards,
Rodrigo.
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
************************************************************
This email and any files transmitted with it are confidential. And intended
solely for the use of the individual or entity to whom they are addressed. If
you have received this email in error please contact the system administrator
for Cape Cod Healthcare.
Administrator@CapeCodHealth.org
************************************************************
---------------------------------------------------------------------------
---------------------------------------------------------------------------
